Privacy Policy
Effective: 2026-05-15 (previously: 2026-04-28 · changes: §7.3 channel opt-out procedure added, §7.4 limits expanded)
1. Overview
This Privacy Policy describes how Gomebot (Telegram bot + gomebot.xyz web dashboard) collects, uses, retains, and deletes personal data, how that data is processed through third parties, and what rights you can exercise.
Scope
Activity in Telegram chats the bot has joined, all pages on the gomebot.xyz dashboard, and the smart-contract interfaces operated by this service.
Legal basis
- Chat administrators: adding Gomebot to a chat constitutes consent to processing of the admin's own public Telegram profile and the chat's operational metadata (chat ID, title, invite link, member count, admin permissions).
- Regular members: members' public Telegram profiles and activity metadata are aggregated and displayed under legitimate interest, since this information is already public on Telegram. Members may opt out of public exposure at any time per §7.
- Dashboard users: signing in with the Telegram Login Widget or Mini App constitutes consent to processing of your own Telegram profile.
2. What we collect
2.1 Collected via the Telegram bot
- Public Telegram profile: user_id (numeric identifier), username (@handle), first_name, last_name, language_code, photo
- Chat metadata: chat_id, chat title, invite link, chat type (group / supergroup)
- Activity metadata (no message bodies): message timestamp, daily message count, active days, join/leave events, spam-blocked events
2.2 Collected via the dashboard
- Telegram Login Widget or Mini App initData verification result: telegram_id, username, first_name, photo_url, auth_date
- Wallet address: when you connect a wallet, the address is exposed to the wagmi/viem client. The server uses it only for signature verification and DB matching during claim/transfer flows. Stored in: gomebot.user_claim_* (claim receipts), gomebot.reward_winners (winner mapping — owner-only view), gomebot.user_balance_* (creator vault balance)
- On-chain transaction hash: stored as a receipt for deposits, withdrawals, and claims
2.3 Automatically collected — cookies, JWT, analytics
- auth_token cookie: JWT (HS256, 7-day expiry, httpOnly + secure + sameSite=lax). Claims = { telegram_id, role, username, first_name, photo_url, iat, exp }
- Google Analytics: page views, sessions, events (browser IP, User-Agent, GA cookies _ga, _ga_*)
- Vercel: hosting-layer access logs (IP, User-Agent, request path) — retained per Vercel's policy
2.4 Message-body handling
We do not store the bodies of regular user messages sent in chats the bot has joined. Only metadata (timestamp, length, message type) is retained for aggregation.
Exception — admin-authored content: scheduled messages registered by chat administrators via /schedule are stored in DB (gomebot.daily_schedules) until they are sent. These are not user-authored chat messages; they are content the admin asked the bot to broadcast.
3. Purposes
| Item | Purpose |
|---|---|
| Public Telegram profile (user_id, username, first_name, photo) | Identify message authors in chats, verify admin-command permissions, log into the dashboard, populate public activity pages |
| Chat metadata (chat_id, title, link, type) | Identify chats the bot has joined, map admin permissions, populate public channel pages |
| Activity metadata (timestamp, length, type, joins/leaves, spam events) | Evaluate spam rules, aggregate daily statistics, score reward eligibility, populate public statistics pages |
| Admin-registered scheduled message bodies | Scheduled broadcasting |
| Wallet address + transaction hash | Reward-claim signature verification, creator vault deposits/withdrawals, double-claim prevention |
| auth_token JWT cookie | Maintain dashboard authentication session |
| Google Analytics | Aggregate dashboard traffic (public pages only) |
4. Retention and deletion
4.1 Retention periods
- User activity metadata (message timestamps/counts, joins/leaves, spam events): retained for the lifetime of the service
- Bot-cached profile photos (Supabase Storage tg-photos): refreshed automatically when Telegram reports a new file_unique_id. Photo deletions on Telegram are not automatically reflected in the bot cache
- Admin-registered scheduled message bodies: retained after sending for audit purposes (admins may delete manually)
- Authentication session (JWT): expires 7 days after issuance. Stored only as a client cookie; no server-side session table
- On-chain data (wallet address, tx hash): retained for the lifetime of the service. The on-chain record itself is permanent and cannot be deleted by this service
- Vercel access logs: retained per Vercel's policy
- Google Analytics: retained per GA's policy (default 14 months)
4.2 Deletion
- On opt-out (see §7), your Telegram handle is added to excluded_handles and is removed from public lists, search, and aggregations within 3 business days.
- We do not provide a separate "delete account" menu; requests to remove personal information from public surfaces are handled via the opt-out flow above. Aggregate, anonymized statistics (total message counts, etc.) may persist after opt-out.
- On-chain data (wallet address, tx hash) cannot be deleted by this service due to the permanent nature of blockchain records.
5. Public exposure
5.1 Visible without authentication (/users, /users/[id], /insights, /overview, /channels, /rewards)
| Field | Where it appears |
|---|---|
| Telegram user_id (numeric) | /users/[id] URL path + drilldown header "ID: {user_id}" label |
| @username (handle) | User cards and tables across all public pages |
| first_name (or username fallback) | User cards and tables |
| Profile photo | Served from the Supabase Storage tg-photos public bucket URL |
| Activity statistics | Daily message count, total messages, channel count, active days, first/last activity timestamps |
| Per-channel activity breakdown | List of channels the user is active in plus per-channel message counts |
Correction notice: an earlier version of this policy stated that numeric user IDs are not shown publicly. That was inaccurate. The user_id is exposed in the user-page URL and HTML, and this revision corrects that.
5.2 Visible only to you (after authentication — /account)
- Your connected wallet address (truncated)
- Your deposit, withdrawal, and claim transaction hashes and amounts
- Your reward receipts and winning-event history
- The chats you administer (/rooms)
5.3 Visible only to administrators / owner (auth + role)
- Chat admins see moderation logs, spam events, and member-change history for the rooms they manage
- Owner-only /events page: full event lifecycle, vault drift, fee aggregates
- Other users' wallet addresses are never displayed in any view at any access tier (used server-side only for matching and signature verification).
6. Third-party processors
| Processor | Purpose | Processing location | Data shared |
|---|---|---|---|
| Supabase (Supabase Inc.) | Database, Realtime, Storage (profile photos) | ap-northeast-2 (Korea) | User profiles, activity statistics, claim receipts, chat metadata — all processing items in this policy |
| Telegram (Telegram FZ-LLC) | Bot message I/O, Login Widget, Mini App initData | Telegram infrastructure | Message events, user profiles, callbacks |
| Google Gemini (Google LLC) | News-digest LLM preprocessing | Google global infrastructure | Text from external RSS / news sources (no user messages) |
| Alchemy (Alchemy Insights, Inc.) | Base / Arbitrum mainnet RPC | Alchemy global infrastructure | Wallet addresses, transaction read requests |
| Google Analytics (Google LLC) | Dashboard traffic analytics | Google global infrastructure | Page views, sessions, events, browser / IP |
| Google AdSense (Google LLC) | Dashboard sidebar ad serving & measurement | Google global infrastructure | IP, browser / device info, advertising cookies, page context |
| Google Funding Choices (Google LLC) | Consent management (CMP) for EEA / UK / Switzerland visitors | Google global infrastructure | IP-based region detection, consent choices (TC String) |
| Vercel (Vercel Inc.) | Dashboard hosting, CDN, logs | Vercel global infrastructure | All dashboard HTTP traffic (including authentication cookies) |
Cross-border transfer notice
Of the processors above, Telegram, Google (Gemini · Analytics · AdSense · Funding Choices), Alchemy, and Vercel process your personal data outside of Korea (US and other global infrastructure). Supabase processes data in Korea (ap-northeast-2). You may refuse public-exposure processing via the opt-out flow in §7, and ceasing to use the bot stops new data collection immediately. For EEA / UK / Switzerland visitors, a Google-certified CMP (Funding Choices) presents a consent banner before ads are served; non-personalized ads only or ad blocking applies if consent is refused.
Any change or addition to processors will be communicated through a revision of this policy.
7. Your rights and opt-out
7.1 Rights
Under PIPA and GDPR you may exercise the following rights:
- Request access to how your personal data is processed
- Request correction or deletion (subject to the limits in §4.2)
- Request that processing be halted (i.e. opt out)
- Withdraw consent
7.2 Handle opt-out
To exclude your Telegram handle from public pages on gomebot.xyz, email the address below. Requests are processed within 3 business days.
Please include: your Telegram handle (@username) or user_id.
Email gee04147@gmail.com to opt out
7.3 Channel opt-out
If you operate a channel and want to exclude it from public pages on gomebot.xyz (channel list/detail, insights, user channel breakdown, sitemap, OG images), email the address below. Requests are processed within 3 business days. The bot continues to operate in the channel (spam filtering, rewards, moderation features remain active) — only public-page exposure is blocked.
Please include: channel link (e.g. https://t.me/yourchannel) or chat_id, plus proof of channel admin rights (a screenshot of a bot command issued inside the channel, or consent to verify admin status via the bot).
Email gee04147@gmail.com to opt out a channel
7.4 Limits of opt-out
Opt-out removes your handle, profile, or channel metadata from the /users index, search, public aggregates, PowerUsers, channel list/detail, OG images, sitemap, and similar public surfaces. It does NOT immediately remove the following:
- Direct access to your own /users/[user_id] drilldown URL — kept intentionally so you can still view your own activity history.
- Cached profile photo — the Supabase Storage public URL may continue to serve a cached image until Telegram reports a new photo or you request explicit deletion.
- Anonymized aggregates — totals such as overall message counts and channel counts persist without identifiers. For channel opt-out, per-day totals (with no specific channel identification) may also persist.
- CDN cache — for up to one hour after opt-out, exposure may persist via the Vercel CDN cache.
If you need additional handling (drilldown blocking, immediate cached-photo deletion, forced CDN cache invalidation, etc.), email the address in 7.2/7.3 with the specific request.
8. Cookies / JWT / analytics
| Name | Kind | Party | Purpose | Retention |
|---|---|---|---|---|
| auth_token | 1st-party JWT | Gomebot | Dashboard authentication session | 7 days |
| _ga, _ga_* | 3rd-party | Google Analytics | Traffic analytics | GA policy (default 14 months) |
| Vercel cookies | 3rd-party | Vercel | Hosting infrastructure | Vercel policy |
Refusal: you can block GA and Vercel cookies via your browser's cookie controls. Blocking auth_token will disable dashboard sign-in.
9. Privacy officer
| Field | Value |
|---|---|
| Officer | gome (Telegram: @hangome) |
| Email | gee04147@gmail.com |
| Response SLA | Within 3 business days |
10. Change history
| Effective | Summary |
|---|---|
| 2026-04-28 | Added Google AdSense (sidebar ads) and Google Funding Choices (EEA / UK / CH CMP) as third-party processors. Documented the ad consent flow. |
| 2026-04-26 | Adopted PIPA's nine mandatory items (legal basis, cross-border transfer, automatic collection devices, privacy officer, etc.). Corrected the user_id public-exposure statement. Listed six third-party processors. Documented opt-out limits. |
| 2026-04-18 | Initial policy (five sections). |